Evolving cyber threats target appliances

As malware threats evolve and cybercriminals begin targeting non-conventional electronic appliances such as battery chargers and digital photo frames, companies need to pay even more attention to their quality control practices.

According to Ronnie Ng, Symantec Singapore’s senior manager for systems engineering, cybercriminals are constantly finding new ways to exploit vulnerabilities. This focus now extends to devices not usually known to harbor malware, such as USB appliances and mobile phones.

"The proliferation of USB appliances, mobile phones and PC peripherals as well as their increased use simply mean there will be continued attempts by cybercriminals to exploit various platforms and devices for their personal gain," he said in an e-mail to ZDNet Asia.

Ng also pointed out that companies should implement "stringent standards and policies" to ensure appliances are safe for use, particularly anything that has or [can] potentially access sensitive data or information. These appliances have flash or bootable storage, which would be anything from memory cards to MP3 players, he stated.

The Symantec executive’s point of view is shared by another security expert, Eric Chong, the regional marketing director of Trend Micro Asia-Pacific. He thinks quality control, whether for hardware or software, is "definitely a necessity" now that cyber attacks are taking on new forms.

He told ZDNet Asia in his e-mail: "Essentially, anything that has the ability to connect to the Internet could potentially be vulnerable to attack, or worse, could secretly contain malware that would lead to data or identity theft."

Calls for stricter checks and quality control came after products from Energizer and HTC were found with security breaches.

ZDNet Asia’s sister site, CNET News, reported in March on software that could be downloaded for use with the Energizer Duo USB battery charger and that contained a backdoor allowing an attacker to remotely take control of a Windows-based PC.

The article cited a U.S. Computer Emergency Readiness Team statement as saying: "The installer for the Energizer Duo software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory. Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."

The battery maker said in the same statement that "it did not know how the Trojan got into the software" and that it has since discontinued sales of the product and removed the download site for the software.

In the same month, a Panda Security blog post written by senior research advisor Pedro Bustamante revealed how one of his colleagues received a brand new HTC Magic smartphone from Vodafone that came with a Mariposa bot client in it.

"The interesting thing is that when she plugged the phone to her PC via USB, her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into," he stated in the post.

Bustamante added that the computer, once infected with the malware, was seen "phoning home" to receive further instructions. He said this was probably to "steal all of the user’s credentials and send them to the malware writer".

He noted that Mariposa was not the only malware in the phone, sharing space with "Conficker and a Lineage password stealer" malware, too.

Spanish-language blog Movil Zona later reported that Vodafone had traced the fault to the memory cards that came with the phone, stating that 3,000 of the handsets were "exposed" to the virus.

ZDNet Asia contacted consumer appliance makers such as Philips and Samsung to find out how they conduct their quality control measures, but both declined to comment, while Energizer could not respond by press time.

Rather, people should "be aware, adopt best practices and exercise caution during use", such as using an effective antivirus solution to scan any external storage device for malware before use, he advised.
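
As an added illustration (not from the article or any vendor it quotes), the following Python script inspects the root of a mounted storage device for an `autorun.inf` like the one in the Panda Security account and lists the programs it would launch, as a first check alongside an antivirus scan. The function names and the sample volume are constructed for this example.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows launch a program from the volume.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def program_of(command):
    """Return the program part of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def launch_entries(inf_path):
    """Yield (key, command) for each launch directive in the [autorun] section."""
    section = ""
    with open(inf_path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line and not line.startswith(";"):
                key, value = (part.strip() for part in line.split("=", 1))
                if LAUNCH_KEY.match(key):
                    yield key.lower(), value

def inspect_volume(root):
    """List launch directives in the volume root; flag whether each target is there."""
    names = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    findings = []
    for key, command in launch_entries(os.path.join(root, names["autorun.inf"])):
        target = program_of(command)
        # Only root-level targets are checked for presence in this example.
        findings.append({"key": key, "target": target,
                         "target_present": target.lower() in names})
    return findings

def demo():
    """Inspect a constructed sample volume built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nOpen=autorun.exe\nicon=drive.ico\n")
        with open(os.path.join(root, "autorun.exe"), "wb") as fh:
            fh.write(b"placeholder bytes, not an executable")
        return inspect_volume(root)

if __name__ == "__main__":
    print(demo())
```

A finding whose target is present on the volume is a reason to scan the device before opening it; an empty result says nothing about other files on the device.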